import { CONFIG } from '@/constants/config';

// Permissions are now directly strings in format "app.permission"
export type Permission = string;

export interface InitialState {
  currentUser?: {
    permissions?: Permission[];
    isStaff?: boolean;
    isSuperuser?: boolean;
  };
}

export default (initialState: InitialState) => {
  console.log('initialState:', initialState);

  // 获取用户权限列表
  const permissions = initialState?.currentUser?.permissions || [];

  // 是否是超级用户
  const isStaff = initialState?.currentUser?.isStaff || false;
  const isSuperUser = initialState?.currentUser?.isSuperuser || false;

  console.log('Access Control Status:', {
    user: {
      isStaff,
      isSuperUser,
      permissions,
    },
  });

  const access = {
    isStaff,
    isSuperuser: isSuperUser,
    // 用户管理权限
    canReadUser: isSuperUser || permissions.includes('auth.view_user'),
    canAddUser: isSuperUser || permissions.includes('auth.add_user'),
    canChangeUser: isSuperUser || permissions.includes('auth.change_user'),
    canDeleteUser: isSuperUser || permissions.includes('auth.delete_user'),
    
    // 设备管理权限
    canLogoutUserDevice: isSuperUser || permissions.includes('auth.logout_user_device'),
    
    // 角色管理权限
    canReadGroup: isSuperUser || permissions.includes('auth.view_group'),
    canAddGroup: isSuperUser || permissions.includes('auth.add_group'),
    canChangeGroup: isSuperUser || permissions.includes('auth.change_group'),
    canDeleteGroup: isSuperUser || permissions.includes('auth.delete_group'),
    
    // 分类管理权限
    canReadCategory: isSuperUser || permissions.includes('nav.view_category'),
    canAddCategory: isSuperUser || permissions.includes('nav.add_category'),
    canChangeCategory: isSuperUser || permissions.includes('nav.change_category'),
    canDeleteCategory: isSuperUser || permissions.includes('nav.delete_category'),
    
    // 标签管理权限
    canReadTag: isSuperUser || permissions.includes('nav.view_tag'),
    canAddTag: isSuperUser || permissions.includes('nav.add_tag'),
    canChangeTag: isSuperUser || permissions.includes('nav.change_tag'),
    canDeleteTag: isSuperUser || permissions.includes('nav.delete_tag'),
    
    // 链接管理权限
    canReadLink: isSuperUser || permissions.includes('nav.view_link'),
    canAddLink: isSuperUser || permissions.includes('nav.add_link'),
    canChangeLink: isSuperUser || permissions.includes('nav.change_link'),
    canDeleteLink: isSuperUser || permissions.includes('nav.delete_link'),
  };

  console.log('Access Control Result:', access);

  return access;
};
